Megaupload’s do-si-do around the DMCA

If you read the 70 page federal indictment against notorious pirate cyberlocker website Megaupload, you will find this charge on page 10, section 22:

When a file is being uploaded to Megaupload.com, the Conspiracy’s automated system calculates a unique identifier for the file (called a “MD5 hash”) that is generated using a mathematical algorithm. If, after the MD5 hash calculation, the system determines that the uploading file already exists on a server controlled by the Mega Conspiracy, Megaupload.com does not reproduce a second copy of the file on that server. Instead, the system provides a newand unique URL link to the new user that is pointed to the original file already present on the server. If there is more than one URL link to a file, then any attempt by the copyright holder to terminate access to the file using the Abuse Tool or other DMCA takedown request will fail because the additional access links will continue to be available.

During my dealings with Megaupload over this past year and a half I’d long suspected as much. Time after time, I’d remove links using Megaupload’s content management tool only to see a duplicate file reappear (with a new link) minutes later. Of course, unlike federal authorities, I did not have access to the actual content residing on Megaupload’s servers, so I couldn’t really prove it.

This past fall while I was researching a pirate blog that offered illegal downloads to LGBT films, I saw that the film “Kyss Mig” was being pirated. Since it’s a film distributed by the same company (Wolfe Video) that distributes our film I notified them of the infringing link. A DMCA notice was sent and, as expected, the link was disabled. However, when I went back to the website the following day I noticed that the disabled link had been replaced by a new one. That led me to again notify Wolfe and the exercise in futility was repeated. A few days later I noticed that the link was alive yet again, but the blog owner had changed things up (to protect her download) and the link now took me to an intermediate site “undeadlink.com.”

Essentially the site offered a convenient way to regenerate links to supposedly “dead” files on Megaupload (and apparently Fileserve). If Megaupload had actually removed the infringing file when it was originally reported, this wouldn’t have been an option. However, because Megaupload apparently did exactly what is spelled out in the indictment, it was very possible (and efficient). When I discovered what was going on last fall, and that it verified my suspicions, I decided to record the process. This video documents what I found.